Netflix OSS Meetup Recap - September 2016

Last week, we welcomed roughly 200 attendees to Netflix HQ in Los Gatos for Season 4, Episode 3 of our Netflix OSS Meetup. The meetup group was created in 2013 to discuss our various OSS projects amongst the broader community of OSS enthusiasts. This episode centered around security-focused OSS releases, and speakers included both Netflix creators of security OSS as well as community users and contributors.

We started the night with an hour of networking, Mexican food, and drinks. As we kicked off the presentations, we discussed the history of security OSS at Netflix - we first released Security Monkey in 2014, and we're closing in on our tenth security release, likely by the end of 2016. The slide below provides a comprehensive timeline of the security software we've released as Netflix OSS.



Wes Miaw of Netflix began the presentations with a discussion of MSL (Message Security Layer), a modern security protocol that addresses a number of difficult security problems. Next was Patrick Kelley, also of Netflix, who gave the crowd an overview of Repoman, an upcoming OSS release that works to right-size permissions within Amazon Web Services environments.

Next up were our external speakers. Vivian Ho and Ryan Lane of Lyft discussed their use of BLESS, an SSH Certificate Authority implemented as an AWS Lambda function. They're using it in conjunction with their OSS kmsauth to provide engineers SSH access to AWS instances. Closing the presentations was Chris Dorros of OpenDNS/Cisco. Chris talked about his contribution to Lemur, the SSL/TLS certificate management system we open sourced last year. Chris has added functionality to support the DigiCert Certificate Authority. After the presentations, the crowd moved back to the cafeteria, where we'd set up demo stations for a variety of our security OSS releases.

Patrick Kelley talking about Repoman

Thanks to everyone who attended - we're planning the next meetup for early December 2016. Join our group for notifications. If you weren't able to attend, we have both the slides and video available.

Upcoming Talks from the Netflix Security Team

Below is a schedule of upcoming presentations from members of the Netflix security team (through 2016). If you'd like to hear more talks from Netflix security, some of our past presentations are available on our YouTube channel. 

Speakers	Conference	Talk
Jason Chan	Automacon (Portland, OR) Sept 27-29, 2016	Psychology and Security Automation
Scott Behrens and Andy Hoernecke	AppSecUSA 2016 (DC) - Oct 11-14, 2016	Cleaning Your Applications' Dirty Laundry with Scumblr
Scott Behrens and Andy Hoernecke	O'Reilly Security NYC (NYC) - Oct 30-Nov 2, 2016	Cleaning Your Applications' Dirty Laundry with Scumblr
Justin Slaten	Ping Identify SF (San Francisco) - Nov 2, 2016	Co-Keynote
Jason Chan	QConSF (San Francisco) - Nov 7-11, 2016	The Psychology of Security Automation
Manish Mehta	AWS RE:invent (Las Vegas) - Nov 28-Dec 2, 2016	Solving the First Secret Problem: Securely Establishing Identity using the AWS Metadata Service
Jason Chan	AWS RE:invent (Las Vegas) - Nov 28-Dec 2, 2016	The Psychology of Security Automation

If you're interested in solving interesting security problems while developing OSS that the rest of the world can use, we'd love to hear from you! Please see our jobs site for openings.

By Jason Chan